Also remember that Credit Card numbers are Personally-Identifiable Information (PII). Industry rules guide our use of these, and misuse represents a great risk of loss to the cardholder.

Below is a list taken from our Information Security and Compliance Program that shows the actions we should take with PII.

Classification Level: Confidential

Examples: SSN, Passwords, Credit Card Numbers

In electronic form: Must be encrypted when on the network and in electronic or physical data storage. Data must be protected with strong passwords. Data cannot be copied onto portable media without managerial consent (including laptops).

In print form: Must not be posted on any website or sent through email. Trash documents must be shredded. Retained documents must be stored in locked cabinets.

Classification Level: Public

Examples: Not confidential or sensitive. Information on University website.

In electronic form: May be posted externally with appropriate approval (department head). May be sent through email.

In print form: Trash documents do not require shredding.

If your department is required to provide PII to other organizations or agencies and you need assistance with securing private info, installing encryption software, or any other issue, please contact the Helpdesk at x1047.